[tor-relays] Security implications of disabling onion key rotation?
David Fifield
david at bamsoftware.com
Thu May 25 00:54:16 UTC 2023
Linus Nordberg and I have had a paper accepted to FOCI 2023 on the
special pluggable transports configuration used on the Snowflake
bridges. That design was first hashed out on this mailing list last
year.
https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-single-bridge/1483/11
https://github.com/net4people/bbs/issues/103
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival%20Guides/Snowflake%20Bridge%20Installation%20Guide
There is a draft of the paper here:
https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.20230307.pdf
https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.20230307.tex
A question that more than one reviewer asked is, what are the security
implications of disabling onion key rotation as we do? (Section 3.2 in
the draft.) It's a good question and one we'd like to address in the
final draft.
What are the risks of not rotating onion keys? My understanding is that
rotation is meant to enhance forward security; i.e., limit how far back
in time past recorded connections can be attacked in the case of key
compromise. https://spec.torproject.org/tor-design Section 4 says:
Short-term keys are rotated periodically and independently, to
limit the impact of key compromise.
Do the considerations differ when using ntor keys versus TAP keys?
More information about the tor-relays
mailing list